Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

dns: adjust crypto policy to be idempotent

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2024-10-13 10:30:51 -07:00
parent a018c15c33
commit 43fa9928d6
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/base/tasks/crypto-policies.yml
View file

@ -28,7 +28,7 @@
- name: Set crypto-policy on RHEL9 dns servers to DEFAULT:SHA1
command: "update-crypto-policies --set DEFAULT:SHA1"
when: inventory_hostname.startswith('ns')
when: "inventory_hostname.startswith('ns') and (currentcryptopolicy.stdout.find('DEFAULT:SHA1') == -1 or cryptopolicyapplied.rc != 0)"
check_mode: no
tags:
- crypto-policies